(New Delhi, May 14, 2017): The country’s cyber security agency Computer Emergency Response Team of India (CERTIn) has issued a redcoloured ‘critical alert’ in connection with the WannaCry attack, and warned users to not pay the ransom.

The ransomware worm that stopped car factories, hospitals, shops and schools over the weekend worldwide, with Asia having escaped the worst so far, could wreak fresh havoc on Monday when employees log back on, cyber security experts warned.

“Individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released. Report such instances of fraud to CERTIn and law enforcement agencies,” CERTIn said.

The spread of the virus WannaCry, which locked up more than 100,000 computers, had slowed on Sunday, but new versions of the worm were expected even while the world was yet to take stock of the extent of damage from Friday’s attack.

Marin Ivezic, cyber security partner at PwC, said some clients had been “working around the clock since the story broke” to restore systems and install software updates or restore systems from backups.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.

Code for exploiting that bug, known as “Eternal Blue”, was released on the internet in March by a hacking group known as the Shadow Brokers.

The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.

The US cyber security researcher who helped halt the WannaCry attack, Darien Huss, said on Sunday that it wouldn’t be difficult for those responsible to rerelease it or for others to mimic it — and this time it would not be reined in.

Monday is expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turn on their computers.

Some of the world’s largest institutions and government agencies have been affected so far, including the Russian interior ministry, FedEx in the US and Britain’s National Health Service.

Other major hits included automaker Renault and its arm Dacia, the Nissan plant in northeast England, German rail operator Deutsche Bahn, Spain’s telecom giant Telefonica, Portugal Telecom and Telefonica Argentina, and a hospital in Jakarta that cautioned of big queues on Monday when about 500 people were due to register.

Cyber security company Symantec predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks.

Ransoms paid amount to tens of thousands of dollars, one analyst said, but it is generally predicted to surge when the deadline to pay the ransom approaches, and people start paying up once news spreads that payment solves the problem. One estimate put it as high as a billion dollars, but till Saturday, some $33,000 had been paid into the several bitcoin accounts associated with the ransomware, according to Elliptic, a company that tracks online financial transactions involving virtual currencies

The US government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security.